X-Frame-Options Header

Note: Please use the OWASP Secure Headers Filter instead.This can be resolved at the Tomcat level by implementing HTTP Header Security.

For Tomcat 8 (and possibly earlier)

Simply add the following to <YellowfinInstall>/appserver/webapps/ROOT/WEB-INF/web.xml inside the <web-app> tag:

  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
  <init-param>
  	<param-name>antiClickJackingOption</param-name>
  	<param-value>$optionHere</param-value>
  </init-param>
  <filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

Where $optionHere will signify one of: DENY, SAMEORIGIN, ALLOW-FROM. As documented in the Tomcat Configuration docs.

For Tomcat 9 (and possibly later)

It needs to be included in the web.xml file found in the /appserver/conf directory.In addition to this change, the init-param values need to be contained within the filter block itself (see the example below):

    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param> 
        <async-supported>true</async-supported>
    </filter>

    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

As always, if still facing issues, please let us know and we will provide further guidance.

Regards,

Yellowfin Support Team